CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2020-13346 200 +Info 2020-10-07 2021-07-21
4.0
None Remote Low ??? Partial None None
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.
752 CVE-2020-13345 79 XSS 2020-10-06 2020-10-15
3.5
None Remote Medium ??? None Partial None
An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes
753 CVE-2020-13344 200 +Info 2020-10-08 2021-07-21
2.1
None Local Low Not required Partial None None
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis
754 CVE-2020-13343 668 2020-10-06 2020-10-14
4.0
None Remote Low ??? Partial None None
An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template
755 CVE-2020-13342 400 2020-10-07 2021-07-21
4.0
None Remote Low ??? None None Partial
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email
756 CVE-2020-13341 732 2020-10-12 2021-07-21
4.0
None Remote Low ??? None Partial None
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.
757 CVE-2020-13340 79 XSS 2020-10-08 2020-10-14
3.5
None Remote Medium ??? None Partial None
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log
758 CVE-2020-13339 79 XSS 2020-10-08 2020-10-08
6.0
None Remote Medium ??? Partial Partial Partial
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.
759 CVE-2020-13338 79 XSS 2020-10-02 2020-10-08
3.5
None Remote Medium ??? None Partial None
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.
760 CVE-2020-13337 79 XSS 2020-10-02 2020-10-08
3.5
None Remote Medium ??? None Partial None
An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name.
761 CVE-2020-13335 287 2020-10-07 2021-07-21
4.0
None Remote Low ??? None Partial None
Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group.
762 CVE-2020-13334 863 2020-10-07 2020-10-15
5.0
None Remote Low Not required None Partial None
In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query
763 CVE-2020-13333 400 2020-10-06 2020-10-29
4.0
None Remote Low ??? None None Partial
A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.
764 CVE-2020-13327 2020-10-22 2020-11-02
6.0
None Remote Medium ??? Partial Partial Partial
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments
765 CVE-2020-13168 79 XSS 2020-10-02 2020-10-08
4.3
None Remote Medium Not required None Partial None
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.
766 CVE-2020-13100 DoS 2020-10-26 2020-11-02
5.0
None Remote Low Not required None None Partial
Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.
767 CVE-2020-12933 125 DoS 2020-10-13 2020-10-21
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account.
768 CVE-2020-12928 2020-10-13 2021-11-04
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system.
769 CVE-2020-12911 125 DoS 2020-10-13 2020-10-22
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account.
770 CVE-2020-12830 787 Exec Code Overflow 2020-10-27 2020-11-02
7.5
None Remote Low Not required Partial Partial Partial
Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.
771 CVE-2020-12676 347 Bypass 2020-10-02 2021-04-30
6.4
None Remote Low Not required Partial Partial None
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".
772 CVE-2020-12670 79 XSS 2020-10-12 2020-10-16
4.3
None Remote Medium Not required None Partial None
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.
773 CVE-2020-12504 912 2020-10-15 2022-03-16
7.5
None Remote Low Not required Partial Partial Partial
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.
774 CVE-2020-12503 863 2020-10-15 2022-04-29
6.5
None Remote Low ??? Partial Partial Partial
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
775 CVE-2020-12502 352 2020-10-15 2022-04-29
6.8
None Remote Medium Not required Partial Partial Partial
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.
776 CVE-2020-12501 798 2020-10-15 2022-06-06
7.5
None Remote Low Not required Partial Partial Partial
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
777 CVE-2020-12500 306 2020-10-15 2022-04-29
7.5
None Remote Low Not required Partial Partial Partial
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration.
778 CVE-2020-12401 327 2020-10-08 2021-07-21
1.9
None Local Medium Not required Partial None None
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
779 CVE-2020-12400 200 +Info 2020-10-08 2021-07-21
1.2
None Local High Not required Partial None None
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
780 CVE-2020-12302 269 2020-10-05 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
781 CVE-2020-12127 200 +Info 2020-10-02 2021-07-21
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.
782 CVE-2020-12126 287 DoS Bypass 2020-10-02 2020-10-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.
783 CVE-2020-12125 120 Overflow 2020-10-02 2020-10-08
10.0
None Remote Low Not required Complete Complete Complete
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.
784 CVE-2020-12124 78 Exec Code 2020-10-02 2020-10-08
10.0
None Remote Low Not required Complete Complete Complete
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
785 CVE-2020-12123 352 CSRF 2020-10-02 2020-10-08
7.8
None Remote Medium Not required None Partial Complete
CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.
786 CVE-2020-11979 2020-10-01 2022-05-12
5.0
None Remote Low Not required None Partial None
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
787 CVE-2020-11858 Exec Code 2020-10-27 2021-05-12
4.6
None Local Low Not required Partial Partial Partial
Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges.
788 CVE-2020-11854 798 Exec Code 2020-10-27 2022-04-26
10.0
None Remote Low Not required Complete Complete Complete
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.
789 CVE-2020-11853 Exec Code 2020-10-22 2021-05-12
6.5
None Remote Low ??? Partial Partial Partial
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
790 CVE-2020-11800 Exec Code 2020-10-07 2022-01-01
7.5
None Remote Low Not required Partial Partial Partial
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
791 CVE-2020-11646 2020-10-15 2021-11-03
4.0
None Remote Low ??? Partial None None
A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users.
792 CVE-2020-11645 400 DoS 2020-10-15 2022-06-03
4.0
None Remote Low ??? None None Partial
A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances.
793 CVE-2020-11644 2020-10-15 2022-06-03
4.0
None Remote Low ??? None Partial None
The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages.
794 CVE-2020-11643 532 2020-10-15 2021-11-04
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.
795 CVE-2020-11642 552 File Inclusion 2020-10-15 2022-06-03
4.0
None Remote Low ??? None None Partial
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances.
796 CVE-2020-11641 552 File Inclusion 2020-10-15 2022-06-03
4.0
None Remote Low ??? Partial None None
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.
797 CVE-2020-11637 401 DoS 2020-10-15 2021-09-14
5.0
None Remote Low Not required None None Partial
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.
798 CVE-2020-11616 335 2020-10-29 2021-07-21
5.0
None Remote Low Not required Partial None None
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure.
799 CVE-2020-11615 798 2020-10-29 2020-11-05
5.0
None Remote Low Not required Partial None None
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure.
800 CVE-2020-11496 77 Exec Code 2020-10-19 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device.
Total number of vulnerabilities : 1563   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.